SUSE: 2018:2681-1 Moderate: php53 Out-Of-Bounds Access and Buffer Issues
suse
September 10, 2018
An update that fixes three vulnerabilities is now available
Summary
This update for php53 fixes the following issues: The following security issues were fixed: - CVE-2018-14851: Fixed an out-of-bound read in exif_process_IFD_in_MAKERNOTE, which could be exploited by an attacker via crafted JPG files, and could result in an application crash. (bsc#1103659) - CVE-2018-14883: Fixed an integer overflow leading to a heap based buffer over-read in exif_thumbnail_extract of exif.c. (bsc#1103836) - CVE-2017-9118: Fixed an out of bounds access in php_pcre_replace_impl via a crafted preg_replace call (bsc#1105466) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 11-SP4:
References
#1103659 #1103836 #1105466
Cross- CVE-2017-9118 CVE-2018-14851 CVE-2018-14883
Affected Products:
SUSE Linux Enterprise Software Development Kit 11-SP4
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2017-9118.html
https://www.suse.com/security/cve/CVE-2018-14851.html
https://www.suse.com/security/cve/CVE-2018-14883.html
https://bugzilla.suse.com/1103659
https://bugzilla.suse.com/1103836
https://bugzilla.suse.com/1105466
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2018:2681-1
Rating: moderate
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!